Legal claims defining the scope of protection. Each claim is shown in both the original legal language and a plain English translation.
1. A method of user authentication, comprising: executing, on a processor of a computing device, instructions that cause the computing device to perform operations, the operations comprising: establishing an authentication relationship between an authentication entity hosted within an authentication computing device and a remote device connected to the authentication computing device via a first network connection; receiving a request from the remote device over the first network connection by the authentication entity to authenticate a user registered with the authentication entity; responsive to receiving the request to authenticate the user from the remote device over the first network connection, facilitating a biometric authentication challenge provided to the user through a first computing device connected to the authentication computing device via a second network connection and remote to the remote device, wherein the first network connection is different than the second network connection; determining a result of the user attempting to authenticate through the biometric authentication challenge provided to the user through the first computing device; and transmitting a message over the first network connection from the authentication entity to the remote device based upon the result, wherein the message specifies that the user either successfully authenticated or failed to authenticate through the biometric authentication challenge, wherein the transmitting a message comprises transmitting the message to the remote device to invoke the remote device to unlock a lock based upon the message indicating successful authentication.
This invention relates to user authentication systems, specifically a method for securely authenticating a user across different network connections. The system addresses the challenge of verifying user identity in scenarios where the authentication process must be conducted remotely from the device requiring access, such as a lock or secure system. The method involves an authentication entity hosted on a computing device that establishes a connection with a remote device (e.g., a lock or access control system) via a first network connection. When the remote device requests user authentication, the authentication entity initiates a biometric challenge (e.g., fingerprint, facial recognition) on a separate computing device (e.g., a smartphone or tablet) connected via a second, distinct network connection. The user attempts the biometric challenge on this first device, and the authentication entity evaluates the result. Based on the outcome, the authentication entity sends a message back to the remote device over the first network connection, indicating whether authentication succeeded or failed. If successful, the remote device (e.g., a lock) is triggered to unlock. This approach ensures secure, multi-device authentication while maintaining separation between the authentication and access control networks.
2. The method of claim 1 , comprising: sending a command from the authentication computing device hosting the authentication entity to the first computing device to invoke the first computing device to execute the biometric authentication challenge; and receiving the result from the first computing device by the authentication entity at the authentication computing device.
This invention relates to biometric authentication systems, specifically methods for securely verifying user identity using distributed computing devices. The problem addressed is the need for reliable, secure biometric authentication that can be performed across multiple devices while maintaining data integrity and user privacy. The method involves an authentication computing device hosting an authentication entity that manages the verification process. The system includes at least one first computing device capable of executing biometric authentication challenges, such as fingerprint or facial recognition scans. The authentication entity sends a command to the first computing device to initiate the biometric challenge, prompting the device to collect and process the biometric data. The first computing device then executes the challenge, such as capturing a fingerprint or facial scan, and performs local authentication by comparing the captured data against stored biometric templates. The result of this authentication—whether successful or failed—is then transmitted back to the authentication entity at the authentication computing device. This approach ensures that sensitive biometric data remains localized to the first computing device, enhancing security and privacy while enabling centralized authentication management. The system may also include additional computing devices for multi-factor or multi-device authentication scenarios.
3. The method of claim 1 , comprising: transmitting a second message to the remote device.
A system and method for wireless communication involves transmitting messages between a local device and a remote device to establish or maintain a connection. The method includes transmitting a first message from the local device to the remote device, where the first message contains data that enables the remote device to identify the local device and establish a communication link. The method further includes transmitting a second message from the local device to the remote device, where the second message contains additional data to facilitate the communication process. This additional data may include synchronization information, authentication credentials, or other parameters required for secure and reliable communication. The system ensures that the remote device can properly recognize and respond to the local device, allowing for efficient data exchange. The method is particularly useful in wireless networks where devices must dynamically establish connections under varying conditions. The second message may be transmitted after the first message to provide further instructions or updates to the remote device, ensuring the communication link remains active and secure. The system may also include error-checking mechanisms to verify the integrity of the transmitted messages, preventing data corruption during transmission.
4. The method of claim 3 , wherein the transmitting a second message comprises: transmitting the second message to the remote device to invoke the remote device to lock a second lock based upon the second message indicating failed authentication.
This invention relates to a security system for remotely controlling locks based on authentication status. The system addresses the problem of unauthorized access by ensuring locks are automatically secured when authentication fails. The method involves a primary device transmitting a first message to a remote device, where the first message includes authentication data. The remote device evaluates this data to determine if authentication is successful. If authentication fails, the remote device transmits a second message back to the primary device, instructing it to lock a second lock. The second lock is distinct from any lock controlled by the remote device itself. This ensures that even if the primary device is compromised, additional security measures are triggered remotely. The system may also include a third device that receives the second message and locks a third lock, further enhancing security. The method ensures that multiple locks can be secured in response to a single failed authentication event, providing a layered security approach. The invention is particularly useful in environments where multiple access points need to be secured simultaneously, such as in smart home or enterprise security systems.
5. The method of claim 1 , comprising: maintaining a plurality of authentication relationships between the authentication entity and a plurality of remote devices, wherein the plurality of remote devices comprises the remote device hosting a first service having a first account with the user and a second remote device hosting a second service having a second account with the user.
This invention relates to a system for managing authentication relationships between a central authentication entity and multiple remote devices, addressing the challenge of securely and efficiently handling user authentication across different services. The system maintains a plurality of authentication relationships between the authentication entity and the remote devices, where each remote device hosts a distinct service with a separate user account. For example, one remote device may host a first service with a first user account, while another remote device hosts a second service with a second user account. The authentication entity acts as a central authority, verifying user credentials and managing access to these services. This approach simplifies user authentication by consolidating multiple service accounts under a single authentication framework, reducing the need for separate logins and improving security by centralizing credential management. The system ensures seamless access to different services while maintaining secure authentication relationships across the remote devices.
6. The method of claim 1 , comprising: receiving the result comprising an encrypted key created based upon authentication of a user fingerprint.
A system and method for secure authentication using biometric data, specifically fingerprint recognition, to generate and manage encrypted keys for secure access control. The invention addresses the need for robust authentication mechanisms that prevent unauthorized access while ensuring the integrity and confidentiality of sensitive data. The method involves capturing a user's fingerprint, authenticating the fingerprint against stored biometric data, and generating an encrypted key based on the successful authentication. This encrypted key is then used to authorize access to secure systems, applications, or data. The system may include a biometric sensor for fingerprint capture, a processing unit to compare the captured fingerprint with stored templates, and an encryption module to generate the encrypted key. The encrypted key can be used in various security protocols, such as symmetric or asymmetric encryption, to ensure secure communication and data access. The method may also include additional security measures, such as multi-factor authentication, to enhance the overall security of the system. The invention is particularly useful in environments where high-security authentication is required, such as financial transactions, government systems, or enterprise networks.
7. The method of claim 1 , wherein the receiving a request comprises: receiving imagery captured by a sensor associated with an entrance, wherein the imagery depicts an entity attempting to gain access to a location through the entrance; and invoking the first computing device to render the imagery with the biometric authentication challenge.
This invention relates to biometric authentication systems for controlling access to secure locations. The problem addressed is the need for reliable and secure authentication methods to verify the identity of individuals attempting to enter restricted areas, particularly using visual data captured by sensors at entry points. The method involves receiving imagery from a sensor positioned at an entrance, where the imagery shows an individual trying to access a location. The system then processes this imagery to generate a biometric authentication challenge, which is displayed to the individual. The challenge may involve verifying facial recognition, iris scanning, or other biometric features to confirm the person's identity before granting access. The system ensures that the authentication process is integrated with the visual data captured at the entrance, enhancing security by dynamically assessing the individual's biometric traits in real time. This approach reduces reliance on traditional access methods like keycards or passwords, which are more susceptible to theft or duplication. The method improves security by leveraging advanced biometric analysis to authenticate individuals based on unique physiological characteristics, minimizing unauthorized access risks. The system may also include additional features such as real-time alerts or logging of authentication attempts for further security monitoring.
8. The method of claim 1 , wherein the receiving a request comprises: receiving sensor data, comprising at least one of an image, video, audio, or location information, acquired by a sensor associated with an entrance, wherein the sensor data is indicative of an entity attempting to gain access to a location through the entrance; and invoking the first computing device to display the sensor data to indicate that the entity is attempting to gain access into the location.
This invention relates to a security system for monitoring and managing access to a location through an entrance. The system addresses the problem of unauthorized or unmonitored access by using sensor data to detect and verify entities attempting entry. The method involves receiving sensor data from one or more sensors associated with an entrance, where the data may include images, video, audio, or location information. This data is indicative of an entity attempting to gain access to a secured location. The system then processes this sensor data to determine whether the entity is authorized. If further verification is needed, the system displays the sensor data on a computing device to alert security personnel or authorized users, allowing them to assess the situation in real time. The system may also include additional steps such as comparing the sensor data against stored credentials or biometric information to authenticate the entity. The invention improves security by providing immediate visual and auditory feedback to authorized personnel, enabling faster decision-making and reducing the risk of unauthorized access. The system can be integrated with various types of sensors and computing devices to enhance flexibility and adaptability in different security environments.
9. The method of claim 1 , wherein the receiving a request comprises: evaluating the request to determine that the user is attempting to gain access to a location through an entrance based upon locational data associated with the first computing device of the user.
This invention relates to a system for controlling access to physical locations using computing devices. The problem addressed is the need for secure and automated access control, particularly in scenarios where users attempt to enter restricted areas. The system determines whether a user is attempting to access a location through an entrance by analyzing locational data from the user's computing device. This data may include GPS coordinates, proximity sensors, or other positional information. The system evaluates the request to confirm the user's intent to enter the location, ensuring that access is granted only when the user is physically present at the entrance. This method enhances security by preventing unauthorized access and improves user convenience by automating the verification process. The system may also integrate with additional authentication methods, such as biometric verification or password entry, to further validate the user's identity before granting access. The overall goal is to provide a seamless and secure way to manage entry into restricted areas using real-time locational data.
10. A computing device comprising: a processor; and memory comprising processor-executable instructions that when executed by the processor cause performance of operations, the operations comprising: establishing an authentication relationship between an authentication entity hosted within an authentication computing device and a remote device connected to the authentication computing device via a first network connection; evaluating user signals of a user of a first computing device connected to the authentication computing device via a second network connection to determine that the user has a threshold likelihood of attempting to access a service provided by the remote device, wherein the first network connection is different than the second network connection; responsive to determining that the user has the threshold likelihood of attempting to access the service provided by the remote device connected to the authentication computing device via the first network connection, facilitating a biometric authentication challenge provided to the user through the first computing device connected to the authentication computing device via the second network connection and remote to the remote device; determining whether the user successfully authenticated or failed to authenticate through the biometric authentication challenge; and transmitting a message over the first network connection from the authentication entity to the remote device based upon a result of the biometric authentication challenge, wherein the message specifies that the user either successfully authenticated or failed to authenticate through the biometric authentication challenge, wherein the transmitting a message comprises transmitting the message to the remote device to invoke the remote device to unlock a lock based upon the message indicating successful authentication.
This invention relates to secure authentication systems for remote service access. The system involves a computing device with a processor and memory storing instructions to perform authentication operations. The device establishes an authentication relationship between an authentication entity hosted on the computing device and a remote device connected via a first network. A user of a first computing device, connected to the authentication device via a second, different network, generates signals that are evaluated to determine if the user is likely attempting to access a service provided by the remote device. If the likelihood exceeds a threshold, a biometric authentication challenge is facilitated through the first computing device. The system then determines whether the user successfully authenticates via the biometric challenge. Based on the result, a message is transmitted over the first network to the remote device, indicating whether authentication succeeded or failed. If successful, the message instructs the remote device to unlock a lock, enabling access to the service. This approach enhances security by using biometric verification before granting access to remote services, particularly in scenarios where the user and remote device are on separate networks.
11. The computing device of claim 10 , wherein the operations comprise: evaluating the user signals to determine that a location of the first computing device is within a threshold distance of an entrance that is locked, wherein the remote device is configured to lock and unlock the entrance based upon authentication of the user.
This invention relates to a computing device that facilitates secure access control for a locked entrance. The system addresses the problem of managing access to restricted areas by leveraging user authentication and proximity-based triggering. The computing device monitors user signals, such as biometric data or credentials, to verify the user's identity. When the device detects that the user is within a predefined threshold distance of a locked entrance, it communicates with a remote device responsible for controlling the entrance's lock mechanism. The remote device authenticates the user and, upon successful verification, unlocks the entrance, allowing the user to pass through. The system ensures secure access by requiring authentication before granting entry, while also automating the process based on the user's proximity to the entrance. This approach enhances convenience and security by reducing manual intervention while maintaining strict access control. The computing device may also include additional features, such as logging access events or integrating with other security systems, to provide a comprehensive access management solution.
12. The computing device of claim 10 , wherein the operations comprise: evaluating the user signals to identify a current time; and evaluating historic user activity data to determine that the user accesses the service within a threshold time of the current time.
This invention relates to computing devices that analyze user behavior to predict service access patterns. The problem addressed is the need for computing systems to intelligently anticipate when a user will access a service, enabling preemptive resource allocation or other optimizations. The computing device includes a processor and memory storing instructions that, when executed, perform operations to evaluate user signals and historic activity data. The operations include determining the current time from user signals, which may include device inputs, network activity, or other indicators of user presence or intent. The device then analyzes stored historic user activity data to assess whether the user typically accesses a specific service within a predefined time window relative to the current time. This evaluation helps predict whether the user is likely to access the service soon, allowing the system to prepare resources, reduce latency, or trigger other preparatory actions. The historic user activity data may include timestamps of past service accesses, frequency patterns, or contextual factors influencing access times. The threshold time defines the acceptable delay between the current time and the predicted access time, ensuring the prediction is actionable. This approach improves system efficiency by aligning resource allocation with anticipated user needs, reducing unnecessary overhead or delays. The invention is particularly useful in environments where service access timing is critical, such as cloud computing, IoT devices, or real-time applications.
13. The computing device of claim 10 , wherein the operations comprise: identifying a current location of a device attempting to access the service; evaluating the user signals to determine that the user is not located at the current location; and providing an alert to the user through the first computing device of the attempted access.
A computing device monitors and secures access to a service by analyzing user signals and device locations. The system identifies the current location of a device attempting to access the service, then evaluates user signals to determine whether the user is physically present at that location. If the user is not at the location of the accessing device, the system generates an alert to notify the user through a separate computing device, such as a smartphone or another authorized device. This mechanism enhances security by detecting and flagging unauthorized access attempts, particularly those originating from unexpected or suspicious locations. The solution leverages location data and user activity patterns to verify legitimate access, reducing the risk of fraud or unauthorized use. The system may also integrate with authentication protocols to further validate user identity before granting access. By combining location verification with user signal analysis, the device provides a robust defense against unauthorized access while maintaining usability for legitimate users.
14. The computing device of claim 10 , wherein the operations comprise: identifying a current time associated with a device attempting to access the service; evaluating the user signals to determine that the user does not historically access the service within a threshold time of the current time; and providing an alert to the user through the first computing device of the attempted access.
This invention relates to computing devices that monitor and secure access to services based on user behavior patterns. The problem addressed is unauthorized or suspicious access attempts to services, which can occur when a user's account is compromised or when an impersonator attempts to use the service at unusual times. The solution involves analyzing historical user access patterns to detect and alert on anomalous access attempts. The computing device includes a processor and memory storing instructions that, when executed, perform operations to secure service access. These operations include identifying the current time of an access attempt, evaluating user signals to determine whether the user historically accesses the service within a threshold time of the current time, and providing an alert to the user if the access is outside the expected time window. The user signals may include historical access times, device usage patterns, or other behavioral data. The alert is sent to the user through a first computing device, such as a smartphone or another trusted device, to notify them of the suspicious activity. This helps prevent unauthorized access by flagging deviations from normal usage patterns. The system may also include additional security measures, such as requiring authentication or blocking the access attempt if the alert is not acknowledged. The invention aims to enhance security by leveraging behavioral analytics to detect and mitigate potential threats in real time.
15. The computing device of claim 10 , wherein the operations comprise: maintaining a frequency of access parameter specifying a frequency at which the user accesses the service; evaluating the user signals to determine that a device attempting to access the service deviates from the frequency of access parameter; and providing an alert to the user through the first computing device of the attempted access.
This invention relates to computing devices that monitor and secure user access to online services. The problem addressed is unauthorized access attempts to user accounts, which can occur due to stolen credentials or automated attacks. The solution involves tracking user behavior patterns, particularly the frequency at which a user accesses a service, to detect anomalies and prevent unauthorized access. The computing device maintains a frequency of access parameter that specifies how often a user typically accesses a service. It evaluates user signals, such as login attempts or device identifiers, to determine whether an access attempt deviates from the expected frequency. For example, if a device attempts to access the service much more frequently than usual, the system flags this as suspicious. When such a deviation is detected, the device provides an alert to the user through their primary computing device, such as a smartphone or laptop, to notify them of the attempted access. This allows the user to take action, such as changing their password or blocking the suspicious device. The system enhances security by leveraging behavioral patterns rather than relying solely on static credentials, making it harder for attackers to bypass authentication measures. The alert mechanism ensures the user is promptly informed of potential threats, enabling proactive security measures. This approach is particularly useful for protecting sensitive accounts, such as financial or email services, where unauthorized access can lead to significant harm.
16. A non-transitory machine readable medium having stored thereon processor-executable instructions that when executed cause performance of operations, the operations comprising: establishing an authentication relationship between an authentication computing device and a remote device hosting a service with which a user of a first computing device has an account, wherein the authentication computing device, the first computing device, and the remote device are remotely connected over a network; receiving a request by the authentication computing device over the network from the remote device to authenticate the user, wherein the receiving a request comprises: receiving sensor data, comprising at least one of an image, video, audio, or location information, acquired by a sensor associated with an entrance, wherein the sensor data is indicative of an entity attempting to gain access to a location through the entrance; and invoking the first computing device to display the sensor data to indicate that the entity is attempting to gain access into the location; transmitting a command from the authentication computing device to the first computing device to provide a biometric authentication challenge to the user through the first computing device; receiving a result by the authentication computing device over the network from the first computing device of the user attempting to authenticate through the biometric authentication challenge; in response to the result indicating successful authentication, transmitting from the authentication computing device over the network to the remote device a success message; and in response to the result indicating failed authentication, transmitting from the authentication computing device over the network to the remote device a failure message.
This invention relates to a system for remote biometric authentication of users attempting to access a physical location. The system addresses the challenge of securely verifying a user's identity when they are not physically present at an authentication device, such as when they are at a different location and need to grant or deny access to a restricted area. The system includes an authentication computing device that establishes a secure connection with a remote service and a user's first computing device (e.g., a smartphone) over a network. When an entity approaches an entrance, a sensor (e.g., camera, microphone, or GPS) captures data (e.g., images, video, audio, or location) of the entity. This sensor data is sent to the authentication computing device, which then forwards it to the user's first computing device for display. The user views the sensor data and, if they recognize the entity, the authentication computing device prompts the user to complete a biometric challenge (e.g., fingerprint, facial recognition, or voice recognition) on their first computing device. The authentication result is sent back to the authentication computing device, which then transmits a success or failure message to the remote service based on whether the biometric authentication was successful. This allows the user to remotely verify and authorize access to a location.
17. The non-transitory machine readable medium of claim 16 , wherein the operations comprise: receiving a revoke request from the first computing device to revoke the authentication relationship, wherein the revoke request indicates that the user successfully authenticated with the first computing device; and revoking the authentication relationship.
This invention relates to authentication systems for computing devices, specifically to methods for securely managing authentication relationships between devices. The problem addressed is the need to efficiently and securely revoke authentication relationships when a user successfully authenticates with a device, ensuring that unauthorized access is prevented after authentication. The system involves a non-transitory machine-readable medium storing instructions that, when executed, perform operations for managing authentication relationships. These operations include receiving a revoke request from a first computing device to revoke an existing authentication relationship with a second computing device. The revoke request confirms that the user has successfully authenticated with the first device. Upon receiving the request, the system revokes the authentication relationship, effectively terminating any prior access permissions or connections between the devices. This ensures that the authentication relationship is invalidated once the user has authenticated with the first device, enhancing security by preventing unauthorized access through the revoked relationship. The system may also include additional operations for establishing or modifying authentication relationships, such as generating authentication tokens or verifying device credentials, to support secure device-to-device authentication. The revocation process is designed to be seamless and immediate, minimizing the risk of unauthorized access during transitions between authentication states.
18. The non-transitory machine readable medium of claim 17 , wherein the revoke request indicates that the user successful authenticated through a fingerprint authentication and a second authentication mechanism for the account of the user with the remote device.
A system for secure authentication involves a non-transitory machine-readable medium storing instructions that, when executed, perform a revocation process for a user account. The system receives a revoke request from a remote device, where the request includes authentication data confirming the user's identity. The revoke request specifically indicates that the user successfully authenticated through both a fingerprint authentication and a second authentication mechanism, such as a password, PIN, or biometric scan, for the user's account. The system processes this request to revoke access or permissions associated with the account, ensuring enhanced security by requiring multi-factor authentication before allowing sensitive operations like revocation. This approach prevents unauthorized access and ensures that only authenticated users can perform critical account actions. The system may also verify the revoke request against stored authentication records to confirm legitimacy before proceeding with the revocation. The second authentication mechanism may include any additional verification method beyond fingerprint, such as facial recognition, OTP, or security questions, to further strengthen security. The system ensures that revocation actions are only executed after confirming the user's identity through multiple independent authentication factors.
19. The non-transitory machine readable medium of claim 16 , wherein the authentication relationship specifies that the user and a second user are allowed to have access to the account upon successful biometric authentication.
A system and method for secure account access control using biometric authentication. The technology addresses the problem of unauthorized access to shared accounts, where multiple users may need access to a single account but require secure verification of identity. The invention involves a non-transitory machine-readable medium storing instructions that, when executed, perform authentication processes. The authentication relationship defines access permissions, specifying that a user and at least one additional user can access the account only after successful biometric authentication. The system verifies biometric data, such as fingerprints or facial recognition, to confirm the identity of each user before granting access. This ensures that only authorized individuals can access the shared account, enhancing security while allowing controlled multi-user access. The method may also include additional authentication steps, such as password verification or multi-factor authentication, to further secure the account. The system dynamically manages access permissions based on the authentication relationship, ensuring that only users meeting the specified criteria can interact with the account. This approach prevents unauthorized access while maintaining usability for legitimate users.
20. The non-transitory machine readable medium of claim 16 , wherein the service is a temporally limited service where the authentication relationship expires after a time period.
A system and method for managing authentication relationships in a computing environment involves a non-transitory machine-readable medium storing instructions that, when executed, perform operations to establish and manage authentication relationships between a client device and a service. The system includes a client device configured to request access to a service and a server configured to authenticate the client device and establish an authentication relationship. The authentication relationship is temporally limited, meaning it expires after a predefined time period. The system may also include a network interface for communication between the client device and the server. The instructions further enable the server to verify the authentication relationship before granting access to the service and to terminate the relationship upon expiration of the time period. The system may also include mechanisms for extending the authentication relationship by re-authenticating the client device. The technology addresses the problem of managing secure access to services in a way that ensures temporary access without requiring continuous authentication, improving both security and user convenience. The system can be applied in various domains, including cloud computing, enterprise networks, and online services, where temporary access control is required.
Unknown
October 13, 2020
Browse 5M+ US patents with plain-English claim translations and AI-generated analysis.